File u_tigervnc-Add-autoaccept-parameter.patch of Package tigervnc
Index: tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
===================================================================
--- tigervnc-1.12.0.orig/java/com/tigervnc/rfb/CSecurityTLS.java
+++ tigervnc-1.12.0/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -66,6 +66,9 @@ public class CSecurityTLS extends CSecur
public static StringParameter X509CRL
= new StringParameter("X509CRL",
"X509 CRL file", "", Configuration.ConfigurationObject.ConfViewer);
+ public static StringParameter x509autoaccept
+ = new StringParameter("x509autoaccept",
+ "X509 Certificate SHA-1 fingerprint", "", Configuration.ConfigurationObject.ConfViewer);
public static UserMsgBox msg;
private void initGlobal()
@@ -85,6 +88,7 @@ public class CSecurityTLS extends CSecur
setDefaults();
cafile = X509CA.getData();
crlfile = X509CRL.getData();
+ certautoaccept = x509autoaccept.getData();
}
public static String getDefaultCA() {
@@ -278,6 +282,7 @@ public class CSecurityTLS extends CSecur
"do you want to continue?"))
throw new AuthFailureException("server certificate has expired");
}
+ String thumbprint = getThumbprint(cert);
File vncDir = new File(FileUtils.getVncHomeDir());
if (!vncDir.exists()) {
try {
@@ -337,6 +342,9 @@ public class CSecurityTLS extends CSecur
store_pubkey(dbPath, client.getServerName().toLowerCase(), pk);
} catch (java.lang.Exception e) {
if (e.getCause() instanceof CertPathBuilderException) {
+ if (certautoaccept != null && thumbprint.equalsIgnoreCase(certautoaccept)) {
+ return;
+ }
vlog.debug("Server host not previously known");
vlog.debug(info);
String text =
@@ -524,7 +532,7 @@ public class CSecurityTLS extends CSecur
private SSLEngineManager manager;
private boolean anon;
- private String cafile, crlfile;
+ private String cafile, crlfile, certautoaccept;
private FdInStream is;
private FdOutStream os;
